Pappion said:
I have been assured by MS that they do NOT send me updates and
information via email (I am signed up to have automatic downloads and
receive them that way--in my sys tray). However, I've been receiving
emails from "Microsoft" and yet the company tells me they do NOT send
out information via email. To whom should I report this? I have notified
my DSL company by sending them the headers, et al. Thank you.
There's not much point in reporting something that's been going on for
years, now. Microsoft is well aware of it. About the most you can do
is warn anyone who might have your email address in their address book
that they might be infected with any one of several old worms.
What you're receiving is most likely the output of a computer
infected by one of several widely publicized, wide-spread, mass emailing
worms. The virus' authors have deliberately spoofed the Microsoft
information in the hopes of garnering more victims. This sort of email
has been very common for past few years. Some of the most widely-known are:
W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
Trojan.Xombe
http://www.symantec.com/avcenter/venc/data/trojan.xombe.html
Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if -- and only if
-- you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.
Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp
Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp
How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp
Remember, any and all legitimate patches and updates are readily
available at
http://windowsupdate.microsoft.com/, and no where else. You
should develop the habit of checking this site at least once a month to
keep your computer up-to-date. (Notice that this is the true URL,
rather than the bogus one that may have been contained in the email you
received.) Any messages that point to any other source(s) or claim to
have the patch attached are bogus.
You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of a
mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps. You can also ask your ISP to take steps to preclude their mail
server from passing on such emails. Many ISPs have such filtering
capabilities.
--
Bruce Chambers
Help us help you:
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin